feat(cognito): add PreTokenGeneration lambda trigger support (#3910)

* feat(cognito): add PreTokenGeneration lambda trigger support fixes #2497 * Update to adhere LambdaConfigProperty * feat(cognito): add UserMigration lambda trigger support * feat(cognito): add different instances of lambda functions on the user pool test(if api correctly appends triggers)
aws · Sep 12, 2019 · e9f46da · e9f46da
1 parent bace776
commit e9f46da
Show file tree

Hide file tree

Showing 4 changed files with 130 additions and 17 deletions.
diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool.ts
@@ -188,6 +188,18 @@ export interface UserPoolTriggers {
    */
   readonly preSignUp?: lambda.IFunction;
 
+  /**
+   * A pre-token-generation AWS Lambda trigger.
+   * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+   */
+  readonly preTokenGeneration?: lambda.IFunction;
+
+  /**
+   * A user-migration AWS Lambda trigger.
+   * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html
+   */
+  readonly userMigration?: lambda.IFunction;
+
   /**
    * Verifies the authentication challenge response.
    * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-verify-auth-challenge-response.html
@@ -486,6 +498,28 @@ export class UserPool extends Resource implements IUserPool {
     this.triggers = { ...this.triggers, preSignUp: fn.functionArn };
   }
 
+  /**
+   * Attach 'Pre Token Generation' trigger
+   * Grants access from cognito-idp.amazonaws.com to the lambda
+   * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
+   * @param fn the lambda function to attach
+   */
+  public addPreTokenGenerationTrigger(fn: lambda.IFunction): void {
+    this.addLambdaPermission(fn, 'PreTokenGeneration');
+    this.triggers = { ...this.triggers, preTokenGeneration: fn.functionArn };
+  }
+
+  /**
+   * Attach 'User Migration' trigger
+   * Grants access from cognito-idp.amazonaws.com to the lambda
+   * @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html
+   * @param fn the lambda function to attach
+   */
+  public addUserMigrationTrigger(fn: lambda.IFunction): void {
+    this.addLambdaPermission(fn, 'UserMigration');
+    this.triggers = { ...this.triggers, userMigration: fn.functionArn };
+  }
+
   /**
    * Attach 'Verify Auth Challenge Response' trigger
    * Grants access from cognito-idp.amazonaws.com to the lambda

diff --git a/packages/@aws-cdk/aws-cognito/test/test.user-pool.ts b/packages/@aws-cdk/aws-cognito/test/test.user-pool.ts
@@ -53,34 +53,93 @@ export = {
   'on* API correctly appends triggers'(test: Test) {
     // GIVEN
     const stack = new cdk.Stack();
-    const fn = new lambda.Function(stack, 'MyLambda', {
+
+    const createAuthChallengeLambdaFn = new lambda.Function(stack, 'createAuthChallengeLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_8_10,
+    });
+
+    const customMessageLambdaFn = new lambda.Function(stack, 'customMessageLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_8_10,
+    });
+
+    const defineAuthChallengeLambdaFn = new lambda.Function(stack, 'defineAuthChallengeLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_8_10,
+    });
+
+    const postAuthenticationLambdaFn = new lambda.Function(stack, 'postAuthenticationLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_8_10,
+    });
+
+    const postConfirmationLambdaFn = new lambda.Function(stack, 'postConfirmationLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_8_10,
+    });
+
+    const preAuthenticationLambdaFn = new lambda.Function(stack, 'preAuthenticationLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_8_10,
+    });
+
+    const preSignUpLambdaFn = new lambda.Function(stack, 'preSignUpLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_8_10,
+    });
+
+    const preTokenGenerationLambdaFn = new lambda.Function(stack, 'preTokenGenerationLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_8_10,
+    });
+
+    const userMigrationLambdaFn = new lambda.Function(stack, 'userMigrationLambda', {
+      code: new lambda.InlineCode('foo'),
+      handler: 'index.handler',
+      runtime: lambda.Runtime.NODEJS_8_10,
+    });
+
+    const verifyAuthChallengeResponseLambdaFn = new lambda.Function(stack, 'verifyAuthChallengeResponseLambda', {
       code: new lambda.InlineCode('foo'),
       handler: 'index.handler',
       runtime: lambda.Runtime.NODEJS_8_10,
     });
 
     // WHEN
     const pool = new cognito.UserPool(stack, 'Pool', { });
-    pool.addCreateAuthChallengeTrigger(fn);
-    pool.addCustomMessageTrigger(fn);
-    pool.addDefineAuthChallengeTrigger(fn);
-    pool.addPostAuthenticationTrigger(fn);
-    pool.addPostConfirmationTrigger(fn);
-    pool.addPreAuthenticationTrigger(fn);
-    pool.addPreSignUpTrigger(fn);
-    pool.addVerifyAuthChallengeResponseTrigger(fn);
+    pool.addCreateAuthChallengeTrigger(createAuthChallengeLambdaFn);
+    pool.addCustomMessageTrigger(customMessageLambdaFn);
+    pool.addDefineAuthChallengeTrigger(defineAuthChallengeLambdaFn);
+    pool.addPostAuthenticationTrigger(postAuthenticationLambdaFn);
+    pool.addPostConfirmationTrigger(postConfirmationLambdaFn);
+    pool.addPreAuthenticationTrigger(preAuthenticationLambdaFn);
+    pool.addPreSignUpTrigger(preSignUpLambdaFn);
+    pool.addPreTokenGenerationTrigger(preTokenGenerationLambdaFn);
+    pool.addUserMigrationTrigger(userMigrationLambdaFn);
+    pool.addVerifyAuthChallengeResponseTrigger(verifyAuthChallengeResponseLambdaFn);
 
     // THEN
     expect(stack).to(haveResourceLike('AWS::Cognito::UserPool', {
       LambdaConfig: {
-        CreateAuthChallenge: stack.resolve(fn.functionArn),
-        CustomMessage: stack.resolve(fn.functionArn),
-        DefineAuthChallenge: stack.resolve(fn.functionArn),
-        PostAuthentication: stack.resolve(fn.functionArn),
-        PostConfirmation: stack.resolve(fn.functionArn),
-        PreAuthentication: stack.resolve(fn.functionArn),
-        PreSignUp: stack.resolve(fn.functionArn),
-        VerifyAuthChallengeResponse: stack.resolve(fn.functionArn)
+        CreateAuthChallenge: stack.resolve(createAuthChallengeLambdaFn.functionArn),
+        CustomMessage: stack.resolve(customMessageLambdaFn.functionArn),
+        DefineAuthChallenge: stack.resolve(defineAuthChallengeLambdaFn.functionArn),
+        PostAuthentication: stack.resolve(postAuthenticationLambdaFn.functionArn),
+        PostConfirmation: stack.resolve(postConfirmationLambdaFn.functionArn),
+        PreAuthentication: stack.resolve(preAuthenticationLambdaFn.functionArn),
+        PreSignUp: stack.resolve(preSignUpLambdaFn.functionArn),
+        PreTokenGeneration: stack.resolve(preTokenGenerationLambdaFn.functionArn),
+        UserMigration: stack.resolve(userMigrationLambdaFn.functionArn),
+        VerifyAuthChallengeResponse: stack.resolve(verifyAuthChallengeResponseLambdaFn.functionArn)
       }
     }));
 

diff --git a/tools/cfn2ts/test/expected.cdk.output b/tools/cfn2ts/test/expected.cdk.output
@@ -14344,6 +14344,16 @@ export namespace aws.cognito.UserPool {
          */
         CustomMessage?: string | core.Token;
 
+        /**
+         * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-pretokengeneration
+         */
+        PreTokenGeneration?: string | core.Token;
+
+        /**
+         * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-usermigration
+         */
+        UserMigration?: string | core.Token;
+
         /**
          * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-verifyauthchallengeresponse
          */

diff --git a/tools/cfn2ts/test/expected.cfnobjects.output b/tools/cfn2ts/test/expected.cfnobjects.output
@@ -15092,6 +15092,16 @@ export namespace aws.cognito.UserPool {
          */
         CustomMessage?: string | core.Token;
 
+        /**
+         * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-pretokengeneration
+         */
+        PreTokenGeneration?: string | core.Token;
+
+        /**
+         * @link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-usermigration
+         */
+        UserMigration?: string | core.Token;
+
         /**
          * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-verifyauthchallengeresponse
          */